feat: include semantic release in the publish workflow for incremental version tagging and release note generation

.github/dependabot.yaml

@@ -6,23 +6,38 @@ updates:
     directory: "/"
     schedule:
       interval: "daily"
+    commit-message:
+      # Prefix all commit messages with "chore: "
+      prefix: "chore"
 
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: "daily"
+    commit-message:
+      # Prefix all commit messages with "chore: "
+      prefix: "chore"
 
   - package-ecosystem: "npm"
     directory: "/"
     schedule:
       interval: "daily"
+    commit-message:
+      # Prefix all commit messages with "chore: "
+      prefix: "chore"
 
   - package-ecosystem: "pip"
     directory: "/"
     schedule:
       interval: "daily"
+    commit-message:
+      # Prefix all commit messages with "chore: "
+      prefix: "chore"
 
   - package-ecosystem: "terraform"
     directory: "/"
     schedule:
       interval: "daily"
+    commit-message:
+      # Prefix all commit messages with "chore: "
+      prefix: "chore"

.github/workflows/cicd-1-pull-request.yaml

@@ -27,6 +27,13 @@ jobs:
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v4
+      - name: "Semantic Release"
+        uses: cycjimmy/semantic-release-action@v4.1.0
+        id: semantic
+        with:
+          dry_run: true
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: "Set CI/CD variables"
         id: variables
         run: |
@@ -39,7 +46,7 @@ jobs:
           echo "nodejs_version=$(grep "^nodejs" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
           echo "python_version=$(grep "^nodejs" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
           echo "terraform_version=$(grep "^terraform" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
-          echo "version=$(head -n 1 .version 2> /dev/null || echo unknown)" >> $GITHUB_OUTPUT
+          echo "version=${{steps.semantic.outputs.new_release_version}}" >> $GITHUB_OUTPUT
       - name: "Check if pull request exists for this branch"
         id: pr_exists
         env:

.github/workflows/cicd-2-publish.yaml

@@ -1,16 +1,17 @@
 name: "CI/CD publish"
 
 on:
-  pull_request:
-    types: [closed]
-    branches:
-      - main
+  push:
+    branches: [ "main" ]
+  # pull_request:
+  #   types: [closed]
+  #   branches: [ "main" ]
 
 jobs:
   metadata:
     name: "Set CI/CD metadata"
     runs-on: ubuntu-latest
-    if: github.event.pull_request.merged == true
+    # if: github.event.pull_request.merged == true
     timeout-minutes: 1
     outputs:
       build_datetime: ${{ steps.variables.outputs.build_datetime }}
@@ -19,7 +20,6 @@ jobs:
       nodejs_version: ${{ steps.variables.outputs.nodejs_version }}
       python_version: ${{ steps.variables.outputs.python_version }}
       terraform_version: ${{ steps.variables.outputs.terraform_version }}
-      version: ${{ steps.variables.outputs.version }}
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v4
@@ -33,8 +33,6 @@ jobs:
           echo "nodejs_version=$(grep "^nodejs" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
           echo "python_version=$(grep "^nodejs" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
           echo "terraform_version=$(grep "^terraform" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
-          # TODO: Get the version, but it may not be the .version file as this should come from the CI/CD Pull Request Workflow
-          echo "version=$(head -n 1 .version 2> /dev/null || echo unknown)" >> $GITHUB_OUTPUT
       - name: "List variables"
         run: |
           export BUILD_DATETIME="${{ steps.variables.outputs.build_datetime }}"
@@ -43,42 +41,38 @@ jobs:
           export NODEJS_VERSION="${{ steps.variables.outputs.nodejs_version }}"
           export PYTHON_VERSION="${{ steps.variables.outputs.python_version }}"
           export TERRAFORM_VERSION="${{ steps.variables.outputs.terraform_version }}"
-          export VERSION="${{ steps.variables.outputs.version }}"
           make list-variables
   publish:
     name: "Publish packages"
     runs-on: ubuntu-latest
     needs: [metadata]
-    if: github.event.pull_request.merged == true
+    # if: github.event.pull_request.merged == true
     timeout-minutes: 3
+    outputs:
+      version: ${{ steps.semantic.outputs.new_release_version }}
     steps:
       - name: "Checkout code"
         uses: actions/checkout@v4
       - name: "Get the artefacts"
         run: |
           echo "Getting the artefacts created by the build stage ..."
           # TODO: Use either action/cache or action/upload-artifact
-      - name: "Create release"
-        id: create_release
-        uses: actions/create-release@v1
+      - name: "Semantic Release"
+        uses: cycjimmy/semantic-release-action@v4.1.0
+        id: semantic
+        with:
+          dry_run: ${{github.event_name == 'pull_request'}}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          tag_name: ${{ needs.metadata.outputs.version }}
-          release_name: Release ${{ needs.metadata.outputs.version }}
-          body: |
-            Release of ${{ needs.metadata.outputs.version }}
-          draft: false
-          prerelease: false
-      # - name: "Upload release asset"
-      #   uses: actions/upload-release-asset@v1
-      #   env:
-      #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      #   with:
-      #     upload_url: "${{ steps.create_release.outputs.upload_url }}"
-      #     asset_path: ./*
-      #     asset_name: repository-template-${{ needs.metadata.outputs.version }}.tar.gz
-      #     asset_content_type: "application/gzip"
+      - name: "Output new release details"
+        if: steps.semantic.outputs.new_release_published == 'true'
+        run: |
+          echo ${{ steps.semantic.outputs.new_release_version }}
+          echo ${{ steps.semantic.outputs.new_release_major_version }}
+          echo ${{ steps.semantic.outputs.new_release_minor_version }}
+          echo ${{ steps.semantic.outputs.new_release_patch_version }}
+          export VERSION="${{ steps.semantic.outputs.new_release_version }}"
+          make list-variables
   success:
     name: "Success notification"
     runs-on: ubuntu-latest

.github/workflows/cicd-3-deploy.yaml

@@ -36,7 +36,7 @@ jobs:
           echo "python_version=$(grep "^nodejs" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
           echo "terraform_version=$(grep "^terraform" .tool-versions | cut -f2 -d' ')" >> $GITHUB_OUTPUT
           # TODO: Get the version, but it may not be the .version file as this should come from the CI/CD Pull Request Workflow
-          echo "version=$(head -n 1 .version 2> /dev/null || echo unknown)" >> $GITHUB_OUTPUT
+          echo "version=${{ github.event.ref }}" >> $GITHUB_OUTPUT
           echo "tag=${{ github.event.inputs.tag }}" >> $GITHUB_OUTPUT
       - name: "List variables"
         run: |

.releaserc

@@ -0,0 +1,10 @@
+{
+  "plugins": [
+    "@semantic-release/commit-analyzer",
+    "@semantic-release/release-notes-generator",
+    "@semantic-release/github"
+  ],
+  "branches": [
+    "main"
+  ]
+}

docs/adr/ADR-XXX_Agree_CICD_pipeline_structure.md

@@ -43,7 +43,6 @@ Requirements:
 - Implement good CI/CD practices, such as:
   - Setting the build time variables at the start of the process
   - Storing the tooling versions like Terraform, Python and Node.js in the `./.tools-version` file
-  - Storing the software/project version in the `./VERSION` file
   - Keeping the main workflow modular
   - Ensuring a timeout is set for each job
   - Listing environment variables

docs/user-guide.md

@@ -0,0 +1,15 @@
+# User Guides
+
+- [Perform static analysis](./user-guides/Perform_static_analysis.md)
+- [Run Git hook on commit](./user-guides/Run_Git_hooks_on_commit.md)
+- [Scan dependencies](./user-guides/Scan_dependencies.md)
+- [Scan secrets](./user-guides/Scan_secrets.md)
+- [Semantic release](./user-guides/Semantic_release.md)
+- [Sign Git commits](./user-guides/Sign_Git_commits.md)
+- [Test GitHub Actions locally](./user-guides/Test_GitHub_Actions_locally.md)
+
+## Developer Guides
+
+- [Bash and Make](./developer-guides/Bash_and_Make.md)
+- [Scripting Docker](./developer-guides/Scripting_Docker.md)
+- [Scripting Terraform](./developer-guides/Scripting_Terraform.md)

docs/user-guides/Semantic_release.md

@@ -0,0 +1,34 @@
+# Guide: Semantic release
+
+- [Guide: Semantic release](#guide-semantic-release)
+  - [Overview](#overview)
+  - [Key files](#key-files)
+  - [Configuration checklist](#configuration-checklist)
+  - [Testing](#testing)
+
+## Overview
+
+Semantic release ([semantic-release](https://semantic-release.gitbook.io/semantic-release)) is used for automatically tagging and creating GitHub releases with change logs from commit messages. It uses the [SemVer](https://semver.org/) convention and the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) specification by describing the features, fixes, and breaking changes made in commit messages.
+
+The table below shows which commit message gets you which release type when semantic-release runs (using the default configuration):
+
+| Commit message | Release type |
+|----------------|--------------|
+| `fix(pencil): stop graphite breaking when too much pressure applied` | ~~Patch~~ Fix Release |
+| `feat(pencil): add 'graphiteWidth' option` | ~~Minor~~ Feature Release |
+| `perf(pencil): remove graphiteWidth option`<br/>`BREAKING CHANGE: The graphiteWidth option has been removed. The default graphite width of 10mm is always used for performance reasons.` | ~~Major~~ Breaking Release <br/>(Note that the BREAKING CHANGE:  token must be in the footer of the commit) |
+
+## Key files
+
+- [`.releaserc`](../../.releaserc): semantic-release's configuration file, written in YAML or JSON
+
+## Configuration checklist
+
+Configuration should be made in the `.releaserc` file.
+
+- Adjust the [configuration settings](https://semantic-release.gitbook.io/semantic-release/usage/configuration#branches) to align with your project's branching strategy
+- Configure [plugins](https://semantic-release.gitbook.io/semantic-release/usage/plugins) depending on your needs
+
+## Testing
+
+It is recommended that any configuration changes are tested in a simple repository before committing to your main one